Based on best practices, which types of accounts should be disabled for interactive login?

Comprehensive and Detailed Step-by-Step Explanation:

Service accountsare used by applications or systems to perform automated tasks and shouldnot be allowed for interactive login, as they present security risks if compromised.

Service Accounts (Correct Answer – D)

Used for running background tasks (e.g., database services, scheduled jobs).

Should have minimal permissions and be denied interactive logins.

Example:A compromised service account with interactive login could allow attackers to gain system access.

Local Accounts (Incorrect – A)

Local administrator accounts should be restricted but may still be required for some systems.

Administrator Accounts (Incorrect – B)

Should be restricted, but disabling them entirely could lock out system management.

Console Accounts (Incorrect – C)

Console access is sometimes needed for system recovery and troubleshooting.